What is CVE-2026-41940?
WebPros cPanel & WHM (WebHost Manager) and WP2 (WordPress Squared) contain an authentication bypass vulnerability in the login flow that allows unauthenticated remote attackers to gain unauthorized access to the control panel.
CISA Known Exploited Vulnerability
WebPros cPanel & WHM and WP2 (WordPress Squared) Missing Authentication for Critical Function Vulnerability
Affected product
WebPros cPanel & WHM and WP2 (WordPress Squared)
Remediation Steps
- Verify the current cPanel version against the CISA advisory and the latest security releases
- Apply the latest cPanel security patches before the Sunday deadline enforced by federal agencies
- Review access logs for exploitation indicators and unauthorized configuration changes
- Reset all cPanel and database credentials after patching
- Implement WAF rules to block exploitation attempts during patch deployment
References
Coverage on defend.network
- Vulnerability Priority Report – Week 1 of May 2026 (May 4 – 10)
- Checkmarx Jenkins compromise; AI-generated zero-day 2FA bypass (2026-05-12)
- cPanel & MOVEit exploited; RMM phishing hits 80+ organizations (2026-05-05)
- Linux root vulnerability in KEV; cPanel mass-exploitation continues (2026-05-04)
- cPanel RCE ransomware; 30K Facebook hacked; Trellix source leaked (2026-05-03)
- cPanel auth bypass; state token harvesting; SaaS extortion attacks (2026-05-02)
🤖 This CVE page is generated by defend.network from NVD, CISA KEV, EPSS, and our verified daily briefings. Severity and exploitation data come from official sources; always verify remediation steps against the official vendor advisory before acting in production.